Need help with a problem [CLOSED]



#1
Rael

Well, I have a problem that I have no clue how to solve. I believe it has something to do with an old version of AVG that I can't get to uninstall.

One of my major problems is that I can't get onto some of my most frequently visited websites without going through a proxy site. Help would be greatly appreciated.


Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:30:26 PM, on 5/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Common Files\{A0D3AF1E-0710-1033-0420-050624040001}\Update.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [6565676F716C7171] 3F3F0000000000.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [979799A1A39EA3A3] 4B4B4D55575257.exe
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKLM\..\Run: [BMa3e09c2d] Rundll32.exe "C:\WINDOWS\system32\qgibakqi.dll",s
O4 - HKLM\..\Run: [a0d3afb1] rundll32.exe "C:\WINDOWS\system32\lnugjtrk.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EventLog] C:\WINDOWS\system32\event.exe
O4 - HKCU\..\Run: [Vcsron] C:\Program Files\Vcsron\Vcsron.exe
O4 - HKCU\..\Policies\Explorer\Run: [{A0D3AF1E-0710-1033-0420-050624040001}] "C:\Program Files\Common Files\{A0D3AF1E-0710-1033-0420-050624040001}\Update.exe" mc-110-12-0002239
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{A0D3AF1E-0710-1033-0420-050624040001}] "C:\Program Files\Common Files\{A0D3AF1E-0710-1033-0420-050624040001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{A0D3AF1E-0710-1033-0420-050624040001}] "C:\Program Files\Common Files\{A0D3AF1E-0710-1033-0420-050624040001}\Update.exe" mc-110-12-0002239 (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZR
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim .exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O21 - SSODL: ZJvdzCxv - {A0D3AF1F-0A79-05B5-082D-E56E99FFDA61} - C:\WINDOWS\system32\whjpxua.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 12288 bytes

Edited by Rael, 11 May 2008 - 09:38 PM.


#2
Rorschach112

Hello

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.



Please visit this web page for instructions for downloading and running ComboFix

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

For more information on the Windows XP Recovery Console read http://support.microsoft.com/kb/314058.

Once you install the Recovery Console, when you reboot your computer, you'll see the option for the Recovery Console now as well. Don't select Recovery Console as we don't need it. By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows. That is normal.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

#3
Rael

Thank you very much for your response. Here's my ComboFix log:

ComboFix 08-05-11.1 - Ed 2008-05-12 16:58:32.1 - NTFSx86
Running from: C:\Documents and Settings\Ed\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLIENT_IP-IPX
-------\Legacy_NETWORK_MONITOR
-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent


((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.

2008-05-11 23:26 . 2008-05-11 23:26 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-11 23:09 . 2008-05-11 23:09 <DIR> d-------- C:\Program Files\Vcsron
2008-05-11 22:22 . 2008-05-11 22:22 2,112 --a------ C:\WINDOWS\system32\jrockdjj.exe
2008-05-11 16:04 . 2008-05-11 16:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-11 16:04 . 2008-05-11 16:04 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-10 23:00 . 2008-05-10 23:00 1,144 --a------ C:\Documents and Settings\George.COMPUTER\Application Data\update.log
2008-05-10 22:21 . 2008-05-10 22:21 2,112 --a------ C:\WINDOWS\system32\gtaraexj.exe
2008-05-10 21:57 . 2008-05-10 21:57 2,112 --a------ C:\WINDOWS\system32\xbjditiv.exe
2008-05-09 21:50 . 2008-05-09 21:50 2,112 --a------ C:\WINDOWS\system32\bfernmow.exe
2008-05-08 21:48 . 2008-05-08 21:48 2,112 --a------ C:\WINDOWS\system32\lpfvmuag.exe
2008-05-07 21:55 . 2008-05-07 21:55 2,112 --a------ C:\WINDOWS\system32\swwcmbce.exe
2008-05-07 15:57 . 2008-05-07 15:57 2,112 --a------ C:\WINDOWS\system32\gikyxuxm.exe
2008-05-06 15:52 . 2008-05-06 15:52 2,112 --a------ C:\WINDOWS\system32\hvkhjgap.exe
2008-05-04 20:03 . 2008-05-04 20:03 <DIR> d-------- C:\Program Files\Spcron
2008-05-04 17:24 . 2008-05-04 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVG7
2008-05-04 16:30 . 2008-05-04 16:30 <DIR> d-------- C:\Program Files\jv16 PowerTools 2008
2008-05-04 16:30 . 2008-05-04 16:30 23 --ahs---- C:\WINDOWS\system32\dcded8_z.dll
2008-05-04 16:30 . 2008-05-04 16:30 23 --a------ C:\WINDOWS\system32\abcbcc5_z.ocx
2008-05-04 02:37 . 2008-05-04 02:37 <DIR> d-------- C:\WINDOWS\system32\4343454D4F4A4F
2008-05-04 02:37 . 2007-12-14 08:40 120,832 --a------ C:\WINDOWS\system32\4B4B4D55575257.exe
2008-05-02 16:22 . 2008-05-02 16:22 <DIR> d-------- C:\Program Files\Twain
2008-05-02 16:20 . 2008-05-02 16:20 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\SpeedRunner
2008-05-02 16:20 . 2008-05-02 16:20 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\Metacafe
2008-05-02 16:20 . 2008-05-02 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Metacafe
2008-04-13 19:19 . 2008-04-24 23:18 <DIR> d-------- C:\Documents and Settings\Ed\.mnemosyne
2008-04-13 19:14 . 2008-04-13 19:14 <DIR> d-------- C:\Program Files\Mnemosyne
2008-04-13 18:10 . 2008-04-13 18:10 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\.bsnes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 22:08 96,256 -c--a-w C:\WINDOWS\system32\drivers\sptddrv1.sys
2008-05-12 21:52 --------- d-----w C:\Program Files\iTunes
2008-05-12 03:12 --------- d-----w C:\Program Files\Lavasoft
2008-05-12 03:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-12 03:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-08 23:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-07 22:31 --------- d-----w C:\Program Files\Last.fm
2008-05-03 13:55 --------- d-----w C:\Documents and Settings\George.COMPUTER\Application Data\LimeWire
2008-05-02 20:20 --------- d-----w C:\Program Files\Pcsx2_0.9.4
2008-05-01 20:33 --------- d-----w C:\Program Files\Autodesk
2008-04-24 21:30 --------- d-----w C:\Program Files\Lexmark X1100 Series
2008-04-20 20:34 --------- d-----w C:\Documents and Settings\Ed\Application Data\Skype
2008-04-20 20:03 --------- d-----w C:\Documents and Settings\Ed\Application Data\skypePM
2008-04-14 08:19 --------- d-----w C:\Program Files\mIRC
2008-04-11 23:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-11 02:29 10,674 -c--a-w C:\Documents and Settings\Ed\Application Data\wklnhst.dat
2008-04-07 18:56 --------- d-----w C:\Program Files\Dialang
2008-04-07 18:02 --------- d-----w C:\Program Files\Common Files\Skype
2008-03-27 04:32 --------- d-----w C:\Program Files\Anki2
2008-03-25 09:48 --------- d-----w C:\Documents and Settings\Ed\Application Data\Pamela
2008-03-25 09:47 --------- d-----w C:\Program Files\WinCAM 2000
2008-03-25 09:20 --------- d-----w C:\Program Files\Opera
2008-03-25 09:04 --------- d-----w C:\Program Files\AIM6
2008-03-25 09:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-03-25 01:56 --------- d-----w C:\Program Files\QuickTime
2008-03-25 01:13 --------- d-----w C:\Program Files\Symdivx
2008-03-25 00:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-24 18:29 --------- d-----w C:\Program Files\AIM
2008-03-23 02:53 --------- d-----w C:\Documents and Settings\George.COMPUTER\Application Data\Sonic
2008-03-23 02:52 --------- d-----w C:\Documents and Settings\George.COMPUTER\Application Data\Leadertech
2008-03-12 04:10 --------- d-----w C:\Program Files\Google
2008-03-05 19:47 136,627 -c--a-w C:\WINDOWS\POTA777444.exe
2008-02-15 20:51 102,400 -c--a-w C:\WINDOWS\tsnp2std .exe
2008-02-15 20:46 379,904 ----a-w C:\WINDOWS\mrofinu72.exe.tmp
2008-02-15 20:22 339,968 -c--a-w C:\WINDOWS\vsnp2std .exe
2008-02-13 23:56 41,771 ----a-w C:\BhEw.exe
2007-12-26 05:14 10 -c--a-w C:\Program Files\.autoreg
2007-11-16 22:19 32 -c--a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-07-16 21:32 81,920 ----a-w C:\Documents and Settings\Ed\Application Data\ezpinst.exe
2007-07-16 21:32 47,360 ----a-w C:\Documents and Settings\Ed\Application Data\pcouffin.sys
2007-07-16 21:06 87,608 ----a-w C:\Documents and Settings\Ed\Application Data\inst.exe
2007-05-21 06:53 534 -c--a-w C:\Documents and Settings\Andy.COMPUTER\Application Data\wklnhst.dat
2007-04-27 02:00 604 -c-ha-w C:\Program Files\STLL Notifier
2007-03-28 23:06 696 -c--a-w C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
2007-01-17 19:48 439,296 -c--a-w C:\Documents and Settings\Compaq_Owner\GoToAssist_phone__317_en.exe
2006-03-14 01:54 840 -c--a-w C:\Documents and Settings\Emma.GEORGEMMA.000\Application Data\wklnhst.dat
2006-03-01 00:56 4,506 -c--a-w C:\Documents and Settings\Ed.GEORGEMMA\Application Data\wklnhst.dat
2006-02-14 23:35 508 -c--a-w C:\Documents and Settings\Andy.GEORGEMMA\Application Data\wklnhst.dat
2005-12-05 22:54 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
2005-07-29 21:24 472 -csha-r C:\WINDOWS\R2VvcmdlIE1lbG9odXNreQ\lZpSwAx5KHY5v36CxrhOyk.vbs
2006-08-10 00:30 56 --sha-r C:\WINDOWS\system32\957DCF128A.sys
2006-08-10 00:30 848 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-08-26 19:57 130,905 -csha-w C:\WINDOWS\system32\srsc.dat
.
<pre>
----a-w			67,112 2008-03-24 18:30:15  C:\Program Files\AIM\aim .exe
----a-w			50,528 2008-03-24 18:30:17  C:\Program Files\AIM6\aim6 .exe
-c--a-w			75,392 2008-02-15 20:51:03  C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w		   970,752 2008-03-18 21:14:53  C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater .exe
-c--a-w		   157,592 2008-02-15 20:51:02  C:\Program Files\DAEMON Tools\daemon .exe
-c--a-w			68,856 2008-02-14 23:15:23  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w		 1,694,208 2008-03-18 21:14:53  C:\Program Files\Messenger\msmsgs .exe
-c--a-w		   282,624 2008-02-05 20:48:35  C:\Program Files\QuickTime\qttask					.exe
----a-w		   648,704 2008-02-05 20:47:26  C:\Program Files\QuickTime\qttask				   .exe
-c--a-w		   648,704 2008-02-05 01:20:20  C:\Program Files\QuickTime\qttask				  .exe
----a-w		   648,704 2008-02-04 21:41:32  C:\Program Files\QuickTime\qttask				 .exe
----a-w		   648,704 2008-02-03 21:06:33  C:\Program Files\QuickTime\qttask				.exe
-c--a-w		   648,704 2008-02-03 14:38:35  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   648,704 2008-02-02 18:52:52  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   648,704 2008-02-02 11:31:00  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   282,624 2008-02-14 00:36:17  C:\Program Files\QuickTime\qttask			.exe
----a-w		   648,704 2008-02-14 00:35:24  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   648,704 2008-02-13 20:48:23  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   648,704 2008-02-13 03:42:49  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   648,704 2008-02-12 20:05:13  C:\Program Files\QuickTime\qttask		.exe
----a-w		   648,704 2008-02-11 20:19:26  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   648,704 2008-02-10 18:55:52  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   648,704 2008-02-09 17:46:16  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   648,704 2008-02-08 21:03:58  C:\Program Files\QuickTime\qttask	.exe
----a-w		   648,704 2008-02-14 23:13:16  C:\Program Files\QuickTime\qttask  .exe
----a-w		   648,704 2008-02-14 22:38:09  C:\Program Files\QuickTime\qttask .exe
----a-w		21,760,296 2008-03-21 04:49:35  C:\Program Files\Skype\Phone\Skype .exe
-c--a-w			58,368 2008-02-15 20:21:41  C:\Program Files\Sound Volume Hotkeys\SoundVolumeHotkeys .exe
----a-w		 3,481,600 2008-03-06 18:48:27  C:\Program Files\Veoh Networks\Veoh\VeohClient .exe
-c--a-w		   166,304 2008-02-11 20:21:05  C:\Program Files\Zune\ZuneLauncher .exe
-c--a-w		   102,400 2008-02-15 20:51:01  C:\WINDOWS\tsnp2std .exe
-c--a-w		   339,968 2008-02-15 20:22:07  C:\WINDOWS\vsnp2std .exe
----a-w		   208,952 2008-03-24 23:19:41  C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
----a-w			44,032 2008-03-24 23:19:40  C:\WINDOWS\ime\imkr6_1\IMEKRMIG .EXE
----a-w			15,360 2008-03-24 23:19:57  C:\WINDOWS\system32\ctfmon .exe
----a-w		   174,592 2008-03-22 14:05:58  C:\WINDOWS\system32\lexpps .exe
-c--a-w			98,304 2008-02-15 20:22:05  C:\WINDOWS\system32\ps2 .exe
----a-w			59,392 2008-03-24 23:19:46  C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe
----a-w		   455,168 2008-03-24 23:19:48  C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE
</pre>


------- Sigcheck -------

2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
2007-06-13 07:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 06:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-04 08:00 14848 340a992968d7fecb91161a0636f15beb C:\WINDOWS\system32\lsass.exe
2004-08-04 08:00 13312 84885f9b82f4d55c6146ebf6065d75d2 C:\WINDOWS\system32\dllcache\lsass.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DC549FE2-5615-457D-8244-A3A1ADF7B23F}]
C:\WINDOWS\system32\ssqrs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JARFile]
@={45A9B2C0-0D04-4AE6-B2F6-544B5C5E1EF3}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"Aim6"="" []
"EventLog"="C:\WINDOWS\system32\event.exe" [ ]
"Vcsron"="C:\Program Files\Vcsron\Vcsron.exe" [2008-05-07 14:20 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [ ]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [ ]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [ ]
"PS2"="C:\WINDOWS\system32\ps2.exe" [ ]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 08:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 08:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00 455168]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"6565676F716C7171"="3F3F0000000000.exe" []
"Zune Launcher"="c:\Program Files\Zune\ZuneLauncher.exe" [ ]
"979799A1A39EA3A3"="4B4B4D55575257.exe" [2007-12-14 08:40 120832 C:\WINDOWS\system32\4B4B4D55575257.exe]
"SM_IAN"="C:\Program Files\AdvancedCleaner Free\ian_monitor.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-06-17 14:57 145920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2008-03-24 23:21 218496]

C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-06-28 17:49:41 106496]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784]

C:\Documents and Settings\Ed.GEORGEMMA\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-06-21 10:58:33 159744]

C:\Documents and Settings\Emma.GEORGEMMA.000\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-06-21 10:58:33 159744]

C:\Documents and Settings\George\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-06-21 10:58:33 159744]

C:\Documents and Settings\George.COMPUTER\Start Menu\Programs\Startup\
Last.fm Helper.lnk - C:\Program Files\Last.fm\LastFMHelper.exe [2007-06-28 17:49:41 106496]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784]

C:\Documents and Settings\Andy\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-06-21 10:58:33 159744]

C:\Documents and Settings\Andy.COMPUTER\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-06-21 10:58:33 159744]

C:\Documents and Settings\Andy.GEORGEMMA\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-06-21 10:58:33 159744]

C:\Documents and Settings\Andy.GEORGEMMA.000\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2006-06-21 10:58:33 159744]

C:\Documents and Settings\Ed\Start Menu\Programs\Startup\
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 18:05:02 630784]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{A0D3AF1E-0710-1033-0420-050624040001}"= "C:\Program Files\Common Files\{A0D3AF1E-0710-1033-0420-050624040001}\Update.exe" mc-110-12-0002239

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]
"{A0D3AF1E-0710-1033-0420-050624040001}"= "C:\Program Files\Common Files\{A0D3AF1E-0710-1033-0420-050624040001}\Update.exe" mc-110-12-0002239
"{A0D3AF1E-070F-1033-0420-050624040001}"= "C:\Program Files\Common Files\{A0D3AF1E-070F-1033-0420-050624040001}\Update.exe" mc-110-12-0002239

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ZJvdzCxv"= {A0D3AF1F-0A79-05B5-082D-E56E99FFDA61} - C:\WINDOWS\system32\whjpxua.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2007-06-14 21:29 9216 C:\WINDOWS\system32\avgwlntf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mfc850]
mfc850.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhfdd]
mljhfdd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\spoolsvc]
spoolsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=C:\WINDOWS\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk
backup=C:\WINDOWS\pss\SpySubtract.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ed^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Ed\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bpk]
C:\WINDOWS\system32\bpk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
--a--c--- 2005-02-26 01:34 245760 C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 06:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a--c--- 2004-10-14 16:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSPower]
--a--c--- 2005-01-04 19:54 49152 C:\WINDOWS\system32\SiSPower.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spoolsvc]
C:\WINDOWS\system32\spoolsvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"C:\\Program Files\\Google\\Google Earth\\GoogleEarth.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Destiny\\RadioDestiny Broadcaster\\RadioDestiny Broadcaster.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Last.fm\\LastFM.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype .exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25:TCP"= 25:TCP:Outlook Express
"9172:TCP"= 9172:TCP:BitComet 9172 TCP
"9172:UDP"= 9172:UDP:BitComet 9172 UDP
"22405:TCP"= 22405:TCP:BitComet 22405 TCP
"22405:UDP"= 22405:UDP:BitComet 22405 UDP
"49000:TCP"= 49000:TCP:BitComet 49000 TCP
"49000:UDP"= 49000:UDP:BitComet 49000 UDP
"19524:TCP"= 19524:TCP:BitComet 19524 TCP
"19524:UDP"= 19524:UDP:BitComet 19524 UDP

R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-01-11 18:39]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-09-21 14:31]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6778F1EE-80BB-4F27-BC69-F91B843782CD}]
C:\Documents and Settings\Ed\Application Data\Microsoft\cfgmgr.vbs
.
Contents of the 'Scheduled Tasks' folder
"2008-04-03 01:06:43 C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job"
- c:\Program Files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe;Sched HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 18:09:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE
C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-05-12 18:44:12 - machine was rebooted [Ed]
ComboFix-quarantined-files.txt 2008-05-12 22:44:04

Pre-Run: 25,932,509,184 bytes free
Post-Run: 25,716,359,168 bytes free

684 --- E O F --- 2008-05-08 02:46:33


And the Hijack log:


#4
Rael

    New Member

  • Topic Starter
  • Member
  • 3 posts
The hijack log got cut off. Here's a re-post:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:44 PM, on 5/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\4B4B4D55575257.exe
C:\Program Files\Vcsron\Vcsron.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...arm1=seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...a...&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {DC549FE2-5615-457D-8244-A3A1ADF7B23F} - C:\WINDOWS\system32\ssqrs.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [6565676F716C7171] 3F3F0000000000.exe
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [979799A1A39EA3A3] 4B4B4D55575257.exe
O4 - HKLM\..\Run: [SM_IAN] C:\Program Files\AdvancedCleaner Free\ian_monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EventLog] C:\WINDOWS\system32\event.exe
O4 - HKCU\..\Run: [Vcsron] C:\Program Files\Vcsron\Vcsron.exe
O4 - HKCU\..\Policies\Explorer\Run: [{A0D3AF1E-0710-1033-0420-050624040001}] "C:\Program Files\Common Files\{A0D3AF1E-0710-1033-0420-050624040001}\Update.exe" mc-110-12-0002239
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{A0D3AF1E-0710-1033-0420-050624040001}] "C:\Program Files\Common Files\{A0D3AF1E-0710-1033-0420-050624040001}\Update.exe" mc-110-12-0002239 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{A0D3AF1E-0710-1033-0420-050624040001}] "C:\Program Files\Common Files\{A0D3AF1E-0710-1033-0420-050624040001}\Update.exe" mc-110-12-0002239 (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebse...arch.jhtml?p=ZR
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim .exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: mfc850 - mfc850.dll (file missing)
O20 - Winlogon Notify: mljhfdd - mljhfdd.dll (file missing)
O20 - Winlogon Notify: spoolsvc - spoolsvc.dll (file missing)
O21 - SSODL: ZJvdzCxv - {A0D3AF1F-0A79-05B5-082D-E56E99FFDA61} - C:\WINDOWS\system32\whjpxua.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - Unknown owner - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - c:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O24 - Desktop Component 0: (no name) - (no file)

--
End of file - 13096 bytes
  • 0

#5
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Before we begin, you should save these instructions in Notepad to your desktop, or print them, for easy reference. Much of our fix will be done in Safe mode, and you will be unable to access this thread at that time. If you have questions at any point, or are unsure of the instructions, feel free to post here and ask for clarification before proceeding.


Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.



1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

File::
C:\WINDOWS\system32\jrockdjj.exe
C:\WINDOWS\system32\gtaraexj.exe
C:\WINDOWS\system32\xbjditiv.exe
C:\WINDOWS\system32\bfernmow.exe
C:\WINDOWS\system32\lpfvmuag.exe
C:\WINDOWS\system32\swwcmbce.exe
C:\WINDOWS\system32\gikyxuxm.exe
C:\WINDOWS\system32\hvkhjgap.exe
C:\WINDOWS\system32\4B4B4D55575257.exe
C:\WINDOWS\POTA777444.exe
C:\WINDOWS\tsnp2std .exe
C:\WINDOWS\mrofinu72.exe.tmp
C:\WINDOWS\vsnp2std .exe
C:\BhEw.exe
C:\Program Files\.autoreg
C:\WINDOWS\system32\srsc.dat
C:\WINDOWS\system32\bpk.exe

Folder::
C:\WINDOWS\R2VvcmdlIE1lbG9odXNreQ
C:\Program Files\Spcron
C:\WINDOWS\system32\4343454D4F4A4F
C:\Program Files\Vcsron

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bpk]

RenV::
----a-w			67,112 2008-03-24 18:30:15  C:\Program Files\AIM\aim .exe
----a-w			50,528 2008-03-24 18:30:17  C:\Program Files\AIM6\aim6 .exe
-c--a-w			75,392 2008-02-15 20:51:03  C:\Program Files\Alwil Software\Avast4\ashDisp .exe
----a-w		   970,752 2008-03-18 21:14:53  C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater .exe
-c--a-w		   157,592 2008-02-15 20:51:02  C:\Program Files\DAEMON Tools\daemon .exe
-c--a-w			68,856 2008-02-14 23:15:23  C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w		 1,694,208 2008-03-18 21:14:53  C:\Program Files\Messenger\msmsgs .exe
-c--a-w		   282,624 2008-02-05 20:48:35  C:\Program Files\QuickTime\qttask					.exe
----a-w		   648,704 2008-02-05 20:47:26  C:\Program Files\QuickTime\qttask				   .exe
-c--a-w		   648,704 2008-02-05 01:20:20  C:\Program Files\QuickTime\qttask				  .exe
----a-w		   648,704 2008-02-04 21:41:32  C:\Program Files\QuickTime\qttask				 .exe
----a-w		   648,704 2008-02-03 21:06:33  C:\Program Files\QuickTime\qttask				.exe
-c--a-w		   648,704 2008-02-03 14:38:35  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   648,704 2008-02-02 18:52:52  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   648,704 2008-02-02 11:31:00  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   282,624 2008-02-14 00:36:17  C:\Program Files\QuickTime\qttask			.exe
----a-w		   648,704 2008-02-14 00:35:24  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   648,704 2008-02-13 20:48:23  C:\Program Files\QuickTime\qttask		  .exe
----a-w		   648,704 2008-02-13 03:42:49  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   648,704 2008-02-12 20:05:13  C:\Program Files\QuickTime\qttask		.exe
----a-w		   648,704 2008-02-11 20:19:26  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   648,704 2008-02-10 18:55:52  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   648,704 2008-02-09 17:46:16  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   648,704 2008-02-08 21:03:58  C:\Program Files\QuickTime\qttask	.exe
----a-w		   648,704 2008-02-14 23:13:16  C:\Program Files\QuickTime\qttask  .exe
----a-w		   648,704 2008-02-14 22:38:09  C:\Program Files\QuickTime\qttask .exe
----a-w		21,760,296 2008-03-21 04:49:35  C:\Program Files\Skype\Phone\Skype .exe
-c--a-w			58,368 2008-02-15 20:21:41  C:\Program Files\Sound Volume Hotkeys\SoundVolumeHotkeys .exe
----a-w		 3,481,600 2008-03-06 18:48:27  C:\Program Files\Veoh Networks\Veoh\VeohClient .exe
-c--a-w		   166,304 2008-02-11 20:21:05  C:\Program Files\Zune\ZuneLauncher .exe
-c--a-w		   102,400 2008-02-15 20:51:01  C:\WINDOWS\tsnp2std .exe
-c--a-w		   339,968 2008-02-15 20:22:07  C:\WINDOWS\vsnp2std .exe
----a-w		   208,952 2008-03-24 23:19:41  C:\WINDOWS\ime\imjp8_1\IMJPMIG .EXE
----a-w			44,032 2008-03-24 23:19:40  C:\WINDOWS\ime\imkr6_1\IMEKRMIG .EXE
----a-w			15,360 2008-03-24 23:19:57  C:\WINDOWS\system32\ctfmon .exe
----a-w		   174,592 2008-03-22 14:05:58  C:\WINDOWS\system32\lexpps .exe
-c--a-w			98,304 2008-02-15 20:22:05  C:\WINDOWS\system32\ps2 .exe
----a-w			59,392 2008-03-24 23:19:46  C:\WINDOWS\system32\IME\PINTLGNT\ImScInst .exe
----a-w		   455,168 2008-03-24 23:19:48  C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP .EXE

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

  • 0

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





